The linux firmware has been updated and the usbduxsigma firmware as
well. However it's still the _old_ firmware.
See the diff between the kernel git and what ubuntu has:
bp1@bp1-Precision-WorkStation-T5400:/tmp/linux-firmware$ diff
usbduxsigma_firmware.bin /lib/firmware/usbduxsigma_firmware.bin
This has been reported in July and the firmware still hasn't been
updated. I'm using the board in teaching at my university and now we
have to manually copy the new firmware version. It's been available
upstream for ages but it's still not in the ubuntu firmware package.
It's very disappointing.
-
bump
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1605974
Title:
usbduxsigma_firmware.bin: old version causes driver crash
To manage notifications about this bug go to:
https://bugs.launchpad.net/
Just hit the same bug (decreasing steal time counters after live
migration of kvm) on a Trusty guest. Would be nice to get that as LTS.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1494350
Title:
Q
When will there be a new release which fixes this bug? Or at least
provide a .deb file or a PPA which could be easily installed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1568132
Title:
terminato
Public bug reported:
Shell Commands can be injected
when the file ~/.gtk-bookmarks contains for example a path like this :
/temp/$(xeyes)/test/
In the settings of the mate-menu the option to show the gtk-bookmarks in
the places must be checked to make it work.
See attached screenshot.
Reason
...and Remove this os.system calls, too please :-)
/usr/share/mate-menu/plugins/recent.py:189:
x = os.system("gvfs-open \""+filename+"\"")
/usr/share/mate-menu/plugins/applications.py:991:
os.system("rm \"%s\" &" % desktopEntry.desktopFile)
/usr/share/mate-menu/plugins/appli
** Attachment added: "recent.py has the same problem / Screenshot"
https://bugs.launchpad.net/ubuntu/+source/mate-menu/+bug/1586346/+attachment/4671530/+files/Screenshot%20recent.py%20%20bug.png
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1513964
Title:
dsextras.py : Shell Command Injection with a pkg name
To manage no
** Attachment removed: "WifiSyslog.txt"
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1550676/+attachment/4582509/+files/WifiSyslog.txt
** Attachment removed: "UdevDb.txt"
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1550676/+attachment/4582508/+files/UdevDb.txt
** Attachme
There are actually two bugs in cpufreqd_acpi_battery.c:
1. update_battery() doesn't check whether a battery is open or not. This
causes the SIGSEGV
2. init_battery() doesn't know about that attribute current_now has been
replaced by power_now in recent kernels.
Both bugs are fixed with the patch
I've just checked the buffer size and it's now at the right size. All
comedi based programs run now smoothly.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/981234
Title:
buffer overflows in comedi d
thanks for all the hard work of the ubuntu team and congratulations to
the new LTS release!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/981234
Title:
buffer overflows in comedi drivers
To manage
Definitely not an issue in radiance
** Package changed: radiance (Ubuntu) => ubuntu
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/973201
Title:
Scroll bars have no contrast in some windows
To mana
Public bug reported:
This is a major and severe leak, I would classify this as a complete
show-stopper because it is not only leaking *huge* amounts of window
handles, it will also lead to *insane* amounts of memory leakage.
Steps to reproduce:
* start compiz, use the animations plugin and confi
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/954117
Title:
compiz close animation is leaking window handles
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/c
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/692524
Title:
package libatlas3gf-3dnow (not installed) failed to install/upgrade:
subprocess installed post-installation script returned error exit s
Public bug reported:
this happend when I upgraded to LTS.
ProblemType: Package
DistroRelease: Ubuntu 10.04
Package: libatlas3gf-3dnow (not installed)
ProcVersionSignature: Ubuntu 2.6.32-26.48-generic 2.6.32.24+drm33.11
Uname: Linux 2.6.32-26-generic i686
AptOrdering:
libatlas3gf-3dnow: Configure
Ich bin bis 05.10.2010 abwesend
Ich bin z.Z. nicht im Haus und werde Ihre Nachricht nach meiner Rückkehr
beantworten. In besonderen Fällen senden Sie bitte eine Nachricht an
n...@triade.de oder schae...@triade.de.
Hinweis: Dies ist eine automatische Antwort auf Ihre Nachricht "[Bug
546091] Re:
Don't install stuff from getdeb.net (or remove it...)
** Changed in: gimp-plugin-registry (Ubuntu)
Status: New => Invalid
--
package gimp-plugin-registry (not installed) failed to install/upgrade:
tentando escribir «/usr/share/locale/ru/LC_MESSAGES/gimp20-save-for-web.mo»,
que tamén est
*** This bug is a duplicate of bug 650994 ***
https://bugs.launchpad.net/bugs/650994
** This bug has been marked a duplicate of bug 650994
package gimp-plugin-registry (not installed) failed to install/upgrade:
tentando escribir «/usr/share/locale/ru/LC_MESSAGES/gimp20-save-for-web.mo»,
q
Problems with packages installed from other repositories are neither a
bug in Debian nor Ubuntu.
** Changed in: navit (Ubuntu)
Status: New => Invalid
--
wrong version of navit in the repositories ( 0.1 instead of 0.2 )
https://bugs.launchpad.net/bugs/590424
You received this bug notificat
Ich bin bis 22.11.2010 abwesend
Ich bin z.Z. nicht im Haus und werde Ihre Nachricht nach meiner Rückkehr
beantworten. In besonderen Fällen senden Sie bitte eine Nachricht an
n...@triade.de oder schae...@triade.de.
Hinweis: Dies ist eine automatische Antwort auf Ihre Nachricht "[Bug
546091] Re:
annoying) Ubuntu bug and regression. I
really fail to understand what is the intention to break existing
functionality.
http://blogs.gnome.org/sudaltsov/2010/08/20/keyboard-indicator-in-
ubuntu-10-10-disclaimer/
Thanks,
Bernd
ProblemType: Bug
DistroRelease: Ubuntu 10.10
Package: gnome-session
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/684330
Title:
layout indicator missing
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
** Summary changed:
- layout indicator missing
+ gnome keyboard layout indicator missing
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/684330
Title:
gnome keyboard layout indicator missing
--
ubu
Exploid Demo Video (german)
https://www.youtube.com/watch?v=JrP7B6CIOMQ
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1483037
Title:
Possible Shell Command Injection in daemon
To manage notificatio
Public bug reported:
File :
/usr/lib/python2.7/pydoc.py
line : 2216 ... 2226
pydoc.py uses old netscape navigator when the webbrowser module can not
be imported:
And it is vulnerable to shell command injection too,
because it uses os.system() wich allows shell commands in the parameter "url".
** Information type changed from Public to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1466633
Title:
Pluma Plugin "Snippets" Manager - Shell Command Injection
To manage notificat
** Information type changed from Public to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1462470
Title:
pydoc.py uses old netscape navigator
To manage notifications about this bug g
** Information type changed from Private Security to Public
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1460403
Title:
Shell Command Injection in cmyk-tiff-2-cmyk-pdf.py
To manage notifications a
** Information type changed from Public to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1467666
Title:
speechd_config executes Shell Commands
To manage notifications about this bug
Public bug reported:
File :
/usr/share/unity-scopes/gmusicbrowser/unity_gmusicbrowser_daemon.py
Function " do_activate" is vulnerable to Shell Commands in the filename
of the tracks, the dirname of the album and the albumtracks.
os.system("xdg-open '%s'" % str(dirname))
##Example : xterm start
Same issues in :
/usr/share/unity-scopes/audacious/unity_audacious_daemon.py
/usr/share/unity-scopes/guayadeque/unity_guayadeque_daemon.py
/usr/share/unity-scopes/clementine/unity_clementine_daemon.py
/usr/share/unity-scopes/musique/unity_musique_daemon.py
--
You received this bug notification be
** Summary changed:
- Possible Shell Comand Injection in deamon
+ Possible Shell Command Injection in daemon
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1483037
Title:
Possible Shell Command Inje
I attached a Clementine Scope Exploid Screenshot Demo
** Attachment added: "exploid scope clementine"
https://bugs.launchpad.net/ubuntu/+source/unity-scope-gmusicbrowser/+bug/1483037/+attachment/4442436/+files/Clementine%20Scope%20Exploid%20Screenshot.png
--
You received this bug notificati
If the shell command can be injected seems only depend on how the
Musikplayers store their data.
The Gmusicbrowser Unity Scope seems to be lucky because the
gmusicbrowser player changes special chars in the name before it stores
it in his database.
The Audacious Scope and Clementine Scope are n
** Changed in: unionfs-fuse (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/386728
Title:
package tzdata 2009h-1 failed to install/upgrade: error crea
** Changed in: unionfs-fuse (Ubuntu)
Status: New => In Progress
** Changed in: unionfs-fuse (Ubuntu)
Assignee: (unassigned) => Bernd Schubert (aakef)
** Changed in: unionfs-fuse (Ubuntu)
Status: In Progress => Fix Committed
--
You received this bug notification be
unionfs. For debian compatibility create a symlink
unionfs-fuse -> unionfs
* lintian fixes (BSD license file, compiler flags)
-- Bernd Schubert Sun, 12 Jul 2015
20:14:57 +0200
** Affects: unionfs-fuse (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notific
Hello Artur,
On 07/21/2015 11:50 PM, Artur Rona wrote:
> Hello Bernd,
>
> thank you for your time and efforts making Ubuntu better! However, this
> package cannot be synced, because Ubuntu delta has not been applied in
> Debian. It seems to be a merge.
> https://wiki.ubuntu.c
Public bug reported:
This is a bug which has been fixed upstream:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-
stable.git/commit/drivers/staging/comedi?id=52ef9e7cb317fcb7f8b63f1bec7271e40341ce98
[ 594.994904] Call Trace:
[ 594.994920] [] dump_stack+0x45/0x56
[ 594.994931] []
Public bug reported:
The session is gnome fallback with the classical menus.
Feb 19 00:09:52 bp1-Dimension-9100 dbus[421]: [system] Activating service
name='org.freedesktop.UDisks2' (using servicehelper)
Feb 19 00:09:52 bp1-Dimension-9100 udisksd[1882]: udisks daemon version 2.1.2
starting
Feb
Fixed in 3.10-1
** Changed in: gpsd (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/584936
Title:
gpsd cannot open /dev/ttyUSB0
To manage notificati
So 15.04 is the answer?
"New" hardware and no change to use the LTS version? That doesn't sound
right?! Or do we have to wait for 14.04.3 for a newer kernel? ->
https://wiki.ubuntu.com/Kernel/LTSEnablementStack#Kernel.2BAC8-Support.A14.04.x_Ubuntu_Kernel_Support
--
You received this bug notif
Also from me the log file attached
** Attachment added:
"openafs-modules-source.buildlog.3.16.0-31-generic.1424767265"
https://bugs.launchpad.net/ubuntu/+source/openafs/+bug/1425388/+attachment/4328694/+files/openafs-modules-source.buildlog.3.16.0-31-generic.1424767265
--
You received this
I have the same problem with 3.13.0-46.
The P9D-X mobo simply does not power off if WoL is enabled.
I tried to go back to 0-45 and 0-44 but they all show the problem.
The last working kernel is 3.13.0-43.
We are now 3 kernel later and the problem is still there.
My lsb_release -rd shows:
Descrip
It works for me, all OK
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1425388
Title:
openafs kernel module (1.6.9-2) failed to build for kernel 3.16.0-31
To manage notifications about this bug go t
So what is the solution for all users with an Intel HD Graphics 5500
(GT2)? I'm also still having the problem on my Lenovo Thinkpad T450s
Is it possible to reopen the Bug #1432194 again? Is there a known
upstream solution for this problem?
--
You received this bug notification because you are a
'm willing to answer Mails in german
Bernd
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1245979
Title:
After Upgrade to Kubuntu 13.10 akondai fails to register at d-bus
session, making kde-pi
@Jörg: i have no mysql zombies
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to akonadi in Ubuntu.
https://bugs.launchpad.net/bugs/1245979
Title:
After Upgrade to Kubuntu 13.10 akondai fails to register at d-bus
session, making kde-pim su
@Jörg: possible two different problems?
I just made a reboot after some updates from opensuse, akonadi has started
successful
the akonadi-*-PID (4759) are higher then dbus (4614)
my akonadi-starts are fifty-fifty successful in the last days, so i can't find
a solution for me
:(
--
You received
@Jörg:
yes, most(all) starts after reboot are successful, after cold boot not
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1245979
Title:
After Upgrade to Kubuntu 13.10 akondai fails to register
after update to KDE 4.12.0 same problem, but ideas about the PIDs are
completely useless
so please ignore them
It doesn't matter whether, if the PIDs are higher or lower
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to akonadi in Ubuntu.
http
ok, also a nvidia card with manually installed 331.20 driver
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1245979
Title:
After Upgrade to Kubuntu 13.10 akondai fails to register at d-bus
session,
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1460413
Title:
Shell Command Injection in logcapture.py
To manage notifications ab
fix works.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1410839
Title:
Shell Command injection in ufw_backend.py
To manage notifications about this bug go to:
https://bugs.launchpad.net/gui-ufw/+b
Public bug reported:
Ubuntu 15.10 Wily Werewolf
The plugin needed for the scanner included with my HP CM1415fn MFP
cannot be installed. The plugin installer hangs just after I did accept
the terms and never returns. There is no difference whether that was
started from hp-setup, hp-toolbox or hp-p
Hello Tyler,
i only used the setup script because the distutils.core.setup() function takes
such a large number of arguments, so its more easy to read than in one single
line of code.
No, i haven't reported this issue to upstream.
--
You received this bug notification because you are a member
Reported to Upstream :
http://bugs.python.org/issue25627
** Bug watch added: Python Roundup #25627
http://bugs.python.org/issue25627
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1514183
Title:
@David
Did you noticed that the albumtracks are a list and not a simple string ?
Have a look on my "Better patch for unity_clementine_daemon.py" on comment #10
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net
Same issue for me on Wily on one of my systems
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1329056
Title:
lightdm does not start under systemd
To manage notifications about this bug go to:
https:
here is the latest network-manager patch for 14.04
** Patch added: "updated network-manager patch for ubuntu 14.04"
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1181964/+attachment/4523005/+files/network-manager-wifi-fix.diff
--
You received this bug notification because yo
Status update
finally I was able to fix this issue upstream see:
https://bugzilla.gnome.org/show_bug.cgi?id=733105
But it is only completely fixed in network-manager 1.0
If you want to fix something for ubuntu 12.04 or ubuntu 14.04
you can use my latest local patches.
Note: that in ubuntu 14.04
This is a wpa_supplicant fix that was found upstreams.
It is only necessary for ubuntu 14.04.
The wpa_supplicant from ubuntu 12.04 did not try to
do an internal scan for the AP, and does not need any fix.
** Patch added: "wpa-wifi-scan-fix.diff"
https://bugs.launchpad.net/ubuntu/+source/netwo
** Attachment removed: "Dependencies.txt"
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1507025/+attachment/4497264/+files/Dependencies.txt
** Attachment removed: "JournalErrors.txt"
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1507025/+attachment/4497265/+files/JournalErrors.
I agree,
i think the hostname should be in the hands of the kernel only.
Should not be overwritten by /etc/hostname.sh.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1507025
Title:
Shell Command I
typo ... the path is
/etc/init.d/hostname.sh
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1507025
Title:
Shell Command Injection with the hostname
To manage notifications about this bug go to:
ht
german demo video
https://www.youtube.com/watch?v=qYuVzHsklS8
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1507025
Title:
Shell Command Injection with the hostname
To manage notifications about th
Patch :
HOSTNAME=${HOSTNAME//[^A-Za-z0-9-_]/_}
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1507025
Title:
Shell Command Injection with the hostname
To manage notifications about this bug go to:
Thats better ... (the "-" was wrong in my previous posting )
HOSTNAME="${HOSTNAME//[^A-Za-z0-9_\-]/x}"
i attached a modified hostname.sh wich uses bash.
it can be startet manualy with
sudo /etc/init.d/hostname.sh start
The command should somehow run at startup ... but does not by default ?
*
Workaround ...
to make my modified "hostname.sh" script run at startup, i changed the file
/etc/rc.local
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order t
I attached a patch for unity_clementine_daemon.py wich should solve the
problem using subprocess
** Patch added: "unity_clementine_daemon_patch.diff"
https://bugs.launchpad.net/ubuntu/+source/unity-scope-clementine/+bug/1483037/+attachment/4502656/+files/unity_clementine_daemon_patch.diff
--
Better patch attached for the clementine unity scope Python script.
1) I use subprocess.Popen() this time instead of the simple subprocess.call()
before.
2) Should now handle albumtracks in a better way because its a list of strings.
3) Clementime gives you now a error message on playing a fil
Patch to fix the shell command injection
pitivi Version 0.94
** Patch added: "patch for mainwindow.py , pitivi Version 0.94"
https://bugs.launchpad.net/ubuntu/+source/pitivi/+bug/1506823/+attachment/4504236/+files/mainwindow.py.diff
--
You received this bug notification because you are a me
Yes, this works.
I recently tried that in a slightly different situation and recognized
the textual boot menu that can be controlled with the volume buttons.
A moment ago I had again the restart problem as described above.
Pressing power and volume-up for 8 seconds actually caused the phone to
t
*** This bug is a security vulnerability ***
Public security bug reported:
File :
/usr/lib/python2.7/distutils/command/bdist_rpm.py
Line 358 :
This line in the code uses the depreached os.popen command, should be replaced
with subprocess.Popen() :
out = os.popen(q_cmd)
Exploit demo :
Public bug reported:
mainwindow.py , Line 486
os.system('xdg-open "%s"' % path_from_uri(asset.get_id()))
If you import an image and double click on it to see a preview ,
any shell command in the picture name will be executet.
For example :
1) rename a picture to this name
$(xmessage hello wo
Patch
** Patch added: "Patch for
/usr/lib/python3/dist-packages/speechd_config/config.py"
https://bugs.launchpad.net/ubuntu/+source/speech-dispatcher/+bug/1467666/+attachment/4504591/+files/Patch.diff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is su
I attached a patch witch solves the problem.
I have tested it with gedit 3.10.4 and Ubuntu 15.10
Should be the same in pluma.
** Patch added: "Patch for gedit importer.py"
https://bugs.launchpad.net/gedit/+bug/1466633/+attachment/4504703/+files/importer.py_Patch.diff
--
You received this bu
Public bug reported:
Because of this os.system call in AptOfflineCoreLib.py
x = os.system("%s %s %s %s" % (self.gpgv, self.opts, signature_file,
signed_file) )
the python script is vulnerable to shell command injections in 4 ways.
1. if there is a shell command in the path, for example /tm
** Information type changed from Public to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1509835
Title:
Possible Shell Command Injection
To manage notifications about this bug go to
*** This bug is a security vulnerability ***
Public security bug reported:
https://docs.python.org/2/library/mailcap.html
mailcap.findmatch(caps, MIMEtype[, key[, filename[, plist]]])
Return a 2-tuple; the first element is a string containing the command line to
be executed (which can be passed
** Description changed:
https://docs.python.org/2/library/mailcap.html
mailcap.findmatch(caps, MIMEtype[, key[, filename[, plist]]])
Return a 2-tuple; the first element is a string containing the command line
to be executed (which can be passed to os.system()), ...
Security Bug in mail
My "Idea" for a quick bugfix :
Inside the mailcap.py script,
we copy the file to temp and give the file an random name like this ...
/temp/.tmp
... and then resulting with the random name instead of the original name.
--
You received this bug notification because you are a member of Ubuntu
Bug
My patch.
1) I removed the os.system() calls and append a new function "run" witch
uses subprocess.
2) "Subst" function now uses quote() and is returning a list, not a
string. So it can be passed to subprocess.
3) If you do not want to get back a command "string" but a command
[list] , you can
I fixed a typo and make code shorter.
New patch attached.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1510317
Title:
Shell Command Injection in "Mailcap" file handling
To manage notifications ab
** Patch added: "Patch for mailcap.py (pyhon 2.7)"
https://bugs.launchpad.net/ubuntu/+source/python3.5/+bug/1510317/+attachment/4507759/+files/PatchForMailCap.diff
** Attachment removed: "mailcap.py without shell injections"
https://bugs.launchpad.net/ubuntu/+source/python3.5/+bug/1510317
I have reported it to upstream :
http://bugs.python.org/issue24778
I have uploaded my patches to upstream:
http://bugs.python.org/file40897/mailcap%20patch.zip
** Bug watch added: Python Roundup #24778
http://bugs.python.org/issue24778
--
You received this bug notification because you are a
My patch was accepted by Mr. Sarraf and fixed in apt-offline upstream repo.
https://github.com/rickysarraf/apt-offline/blob/master/apt_offline_core/AptOfflineCoreLib.py
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.laun
my demo exploit video (german)
https://www.youtube.com/watch?v=QGAjwKF5d3w
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1509835
Title:
Possible Shell Command Injection
To manage notifications abou
My improved Patch Nr. 2
** Patch added: "This patch can split the opts string and has a stdout and a
stderr"
https://bugs.launchpad.net/ubuntu/+source/apt-offline/+bug/1509835/+attachment/4509935/+files/Patch2.diff
--
You received this bug notification because you are a member of Ubuntu
Bug
#! /bin/sh
# run this as root early in the boot order. No other script like hostname.sh
should run later
HOSTNAME="$(hostname|sed 's/[^A-Za-z0-9_\-\.]/x/g')";hostname "$HOSTNAME"
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https:/
script
** Attachment added: "changehostname.sh"
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1507025/+attachment/4510099/+files/changehostname.sh
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bu
Public bug reported:
https://github.com/Legrandin/ctypes/issues/1
The find_library() function can execute code when special chars like ;|`<>$ are
in the name.
The "os.popen()" calls in the util.py script should be replaced with
"subprocess.Popen()".
Demo Exploits for Linux :
==
Public bug reported:
It now happened the second time that I was not able to initiate a
restart of the system on my Bq Aquaris 4.5. This happened after I
pressed the power button for a few seconds and afterwards selected the
restart option.
Other symptoms are:
- The white screen with the black bq
Public bug reported:
The Plugin "Snippets" in Pluma 1.8.1 is vulnerabe to Shell Commands.
If you activate the "snippet" Plugin , you can use "tools -> manage
snippets" from the main menu of pluma.
Example :
If you import a snippet with the manager wich has a filename like this :
";
Same problem with gedit 2.30.4 in Linux Mint 17.1 Rebecca
Watch my (german) Shell Command Injection Demo Video at Timecode
10:00min
https://www.youtube.com/watch?v=abP76r-2js0
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://
Public bug reported:
if espeak is installed , some functions in the script
"speechd_config.py" can be used to execute Shell Commands.
--
Demo Example from the terminal type in :
theregrunner@mint17 : ~ $ python3
Python 3.4.0 (default, Apr 11 2014, 13:05:18)
[GCC 4.8.2] on linux
Type "help
Hallo,
ich habe mit guter Hoffnung Ubuntu V. 12.4 installiert, aber das Problem
besteht immer noch.
Viele Grüße Bernd Schneider
2011/11/5 IKT
> ** Package changed: ubuntu => xorg (Ubuntu)
>
> ** Summary changed:
>
> - meine Bildschirme werden nicht erkannt
> + my moni
601 - 700 of 1110 matches
Mail list logo
